Thursday, 1 October 2015

Privacy Advocates Urge Stronger Protection Of Employee Health Data

Like millions of Americans, Michelle Muckenthaler joined her workplace wellness program this year, answering a bunch of questions about her health habits: What did she eat? How often did she exercise?

Next year, she’ll also face a wellness exam, including tests to measure her cholesterol level, blood sugar and weight. Worried about the privacy of her personal information, she says she’ll opt out, even though she will lose a discount off her premium.

“A $40 a month penalty is not enough for me to want to tell my employer what I’m doing with my health,” said Muckenthaler, 37, who lives near Denver.

The $6 billion a year workplace wellness industry is booming among employers looking for ways to slow health care spending. But so, too, are concerns about privacy.

Many programs ask detailed health-related questions, and a growing number include medical tests. Some offer workers cash or credits toward insurance discounts if they allow the programs to track their grocery store purchases or the number of steps they take. As the programs delve into ever more sensitive areas — mental health, finances, sleep habits and pregnancy — advocates say existing privacy and anti-discrimination laws fall short.

“I don’t think the privacy rules are anywhere close to adequate,” said Anna Slomovic, a lead researcher at the George Washington University Cyber Security Policy and Research Institute.

Existing laws, she and others say, don’t cover all wellness programs, allow employers to get personal medical information in some circumstances and haven’t kept pace with advances in technology now being used in some programs, including fitness trackers that report information about a wearer’s location, activity level and sleep patterns.

How Is Wellness Data Protected?

Federal law limits the scope of the personal health information that employers can glean from the programs and bars them from discriminating against workers with disabilities. Most employers say they get only aggregated, anonymous data. And consumer advocates cannot point to specific examples where wellness program data was misused by employers or not kept separate from employment-related decisions, such as hiring or firing.

Muckenthaler is worried about the privacy of her personal information, so she says she’ll opt out of the wellness program, even though she will lose a discount off her health insurance premium. (Photo by Barry Gutierrez/For KHN)

Still, this spring, the Equal Employment Opportunity Commission proposed a new rule warning employers that wellness programs must be voluntary, “reasonably designed” to improve health and not a “subterfuge for violating … laws prohibiting employment discrimination.” Last year, the EEOC brought several cases against employers, including one against Orion Energy Systems in Wisconsin where Wendy Schobert worked in the accounting office. Citing privacy and other concerns, Schobert opted out of her workplace program. As a result, she had to pay the full cost of her insurance, plus a $50 a month penalty and was warned not to express her opinions about the program to her co-workers, according to the EEOC’s lawsuit.

Within weeks, the lawsuit noted, she was fired. Orion disputes the allegations in its response to the EEOC.

The case — and another similar one also brought by the EEOC — is still pending.

While those lawsuits and much of the proposed EEOC rule address the definition of what constitutes a voluntary wellness program, the EEOC also took a swipe at adding some privacy protections. The proposal would require employers to spell out specifically what entities can access worker data and only allow employers access to that data mainly in an aggregate form that isn’t likely to disclose the identity of individuals.

Advocates, however, say the proposal includes a large loophole: It allows employers to get individual data provided to the wellness programs if needed to administer their health plans. Some advocates say the EEOC hasn’t defined clearly what “administer” means or why, in any case, the information would be needed.

This KHN story also ran on CNN.

“If, by ‘administer,’ the commission is referring to the ability to surcharge … nonparticipants, there is no need for actual medical information …” wrote David Certner, legislative counsel for the AARP, in one of hundreds of comment letters sent to the government concerning the EEOC proposal. “More effective firewalls are essential.”

Some point to the Health Insurance Portability and Accountability Act, heralded in 1996 as a big step toward helping consumers keep their personal medical information private, as a firewall. But there are gaps in the protection it provides.

Among other things, it limits what information employers who sponsor group health plans can receive about participants without their specific consent. Additionally, employers whose wellness programs are covered must promise to protect any personal medical information they receive and shield that information from any employees who are not specifically designated to see it. Employers also cannot use the information for employment-related actions.

But privacy advocates say HIPAA’s rules don’t apply directly to employers. In addition, wellness programs run entirely by the employer, rather than as part of the employer’s group health insurance plan, are also outside of HIPAA’s purview.

It isn’t known how many employers offer wellness programs entirely separate from their group health insurance benefit, although an annual survey of employers by the Kaiser Family Foundation showed that almost half of large employers offer wellness programs outside of their group health benefits. (KHN is an editorially independent program of the foundation.)

Even when consent is sought to gather or share the sensitive data as required by HIPAA, advocates say some wellness programs bury such authorizations in lengthy forms or deem the simple act of logging onto a wellness program website as a worker’s “electronic signature,” agreeing to the disclosure.

“In effect, this means employees have no control over their health information,” said Deborah Chalfie, senior legislative representative at AARP.

Finally, advocates say technology and the wellness programs that use it have expanded and advanced beyond what drafters of HIPAA and other anti-discrimination laws envisioned.

To make protections stronger, privacy rules should be extended to all workplace wellness programs, personal information should be deleted if employees stop participating and employers or the vendors they hire to run the programs should clearly spell out how the data gathered from all sources will be analyzed, said privacy researcher Slomovic.

“If the wellness programs are using food purchase data from an app, and combining it with something else, like your BMI [an indicator of body fat], you should be able to know that,” she added.

The commission has not set a timetable for finalizing the regulation.

A ‘Fun’ Perk To Promote Employee Health

Wellness programs sprang up more than two decades ago, prompted by rising health care costs. While employers are generally barred by the Americans with Disabilities Act (ADA) of 1990 from asking non-job-related health questions, regulations give them a broad exception to do so if the questions or medical exams are part of a voluntary wellness program.

Employers say wellness programs are a fun perquisite that can also alert employees to health issues while providing educational tools to combat preventable illnesses, which might save money over the long run.

“We don’t see individual results for anyone ever. Most employees are comfortable with that,” said Jennifer Franco, director of employee benefits and programs at utility firm Exelon, where workers can save $500 a year on their health insurance premiums if they fully participate in the wellness program.

At IBM, the company’s long-running workplace wellness program has recently expanded to consider five “dimensions of health,” including physical, mental and financial health, said Meg Bach, who heads the company’s health promotion efforts.

“We have modules on sleep, on positivity, on meeting preparation, the value of taking breaks throughout the day,” said Bach. The sleep module, Bach said, includes materials to evaluate bedrooms to see if they are conducive to rest. A hydration module includes a urine color meter, “so every time a person used the rest room, they could see if they were dehydrated.”

IBM isn’t getting information about each employee’s sleep or hydration levels, Bach says, only aggregate information from their wellness vendors, using it “to make program changes, to make business decisions, to help focus our efforts … in support of the employees.”

Workers sensitive about privacy don’t have to participate, Bach said: “All of the programs are voluntary.”

The Cost Of Not Participating

As the financial stakes rise, however, workers don’t always see it that way.

“The only reason we do it is because of the $600,” said Amanda Hansen, a 59-year-old Maryland resident who works for a software company. She and her husband participate in her employer’s wellness program mainly to get the discount off their premium the company grants for doing so.

Hansen, who uses a wheelchair, says she worries that her personal medical information might get out somehow and, more broadly, about how such wellness programs might affect workers, especially those with disabilities.

“They ask you questions that are very personal,” Hansen said. “Not only do they get into vital stats on blood counts, but also things that cause you stress and how you sleep.”

Hansen worries that most employees access the program through company computers and websites, so “it would be very easy for that info to get filtered back.”

That concern is echoed by advocacy groups. While laws prohibit discrimination based on disabilities, they note that it is hard to prove.

“Once an employer knows you have a bipolar diagnosis or diabetes, it’s hard to parse out if it is being used to discriminate … to sort out why you got fired suddenly,” said Jennifer Mathis, director of programs at the Bazelon Center for Mental Health Law, an organization that advocates for people with mental disabilities.

Surveys show that privacy is a concern for some, but many workers, used to sharing all kinds of personal information on websites and elsewhere, are not at all worried. And some see advantages to wellness programs.

“I know for a fact I got healthier,” said Steven Rummel of Forest Park, Ill., who worked for utility firm Exelon until last September and got a free Fitbit and savings on his health insurance for joining its wellness program. “I lost about 15 or 20 pounds.”

Rummel, a 46-year-old data analyst, said he’s not concerned about his personal medical information getting out, partly because the wellness program was run by a third party, not his employer. Even if his former employer got personal information, he said, what could they do with it?

“Let’s say they started firing people with high cholesterol, in which case they would lay off two-thirds of the company and set themselves up for a serious PR disaster or a lawsuit,” he said. “It just didn’t seem plausible.”